©2013 Avaya Inc. All rights reserved. February 26-28, 2013 | Orlando, FL.

Presentation transcript:

How to Implement Secure Guest Access and Enable BYOD without Compromising your Enterprise
Shmulik Nehama, Identity Engines Portfolio Leader, Avaya

Slide 3: The Beginning of Time…

Slide 4: Then came this…

Slide 5:
Time Magazine cover Aug Bill Gates invests $150M to save Apple.
[Chart labels: Android apps, iPhone/iPad apps, Tablets in 2012, Smartphones in 2011, Smartphones in 2012, Social Media Users]
• Tablet market $45B by 2014 – Yankee 2011
• 50% Enterprise users interested in or using consumer applications – Yankee 2011
• Smartphone app revenue to triple by 2014 – Yankee 2011
…Anyone here still using a flip phone?

Slide 6:
YES pls do bring your own iPad
YES pls do you are welcome to use Wifi VOIP
YES pls do you are welcome to use virtual desktop
YES pls do you are welcome to do mobile collaboration
NO sorry you cannot bring your iPad
NO sorry you cannot connect outdoor
NO sorry you cannot do video conferencing
NO sorry you cannot bring your fancy laptop
It’s not about Saying NO… It’s About Staying in Control!!

Slide 7: It is about a solution that combines control and flexibility!!

Slide 8: It is about a solution that combines control and flexibility!!

Slide 9: BYOD: Bring Your Own Difficulties
Your Difficulties are to find AC Outlets

Slide 10: Avaya Identity Engines Key Value Points…
• Vendor Agnostic: Any Network, Any User, Any Device
• Wired & Wireless: Unified Access, Centralized Policy
• Guest Access: Audit logs, Self-service, Sponsor / Front Desk
• BYOD Access: Device On-boarding, Device Fingerprinting, non-802.1x access

Slide 11: Avaya Identity Engines Key Value Points…
• Granular Policy Engines: XACML (eXtensible Access Control Markup Language), Local User and Device Store, Flexible RADIUS VSAs (Vendor Specific Attributes)
• Directory Federation: All major directory servers (AD, RSA, LDAP, eDirectory), Identity Routing
• High Availability: Active - Active, Active - Standby
• Virtual Appliance: All software solution, VMware ESXi, Windows applications

Slide 12: Avaya Identity Engines Key Value Points…
Simple and affordable licensing
• Network Size License
  − LITE
  − SMALL
  − LARGE
• Feature License
  − TACACS+
  − Posture
  − Guest Manager
  − Access Portal & CASE Wizard
  − Analytics
no per user license
no per device license

Slide 13: Identity-based Access Control… with Identity Engines
Identity Engines Role-based Access
Case 1: Employee with corporate laptop
  IF (identity = HR employee) AND IF (device = corp laptop) AND IF (medium = wired) THEN GRANT FULL ACCESS
Case 2: Employee with personal iPad
  IF (identity = HR employee) AND IF (device = personal iPad) AND IF (medium = wireless) THEN GRANT LIMITED ACCESS

Slide 14: Automating network access has direct impact on reducing cost of change
• Each access port is not assigned until a user/device attempts access.
• Once authenticated & authorized, user/device is granted appropriate access level.
• MAC address lookup:
  − Ignition Server local store
  − Manual input
  − Wildcards (e.g. Avaya IP Phones 00:04:0d* and Cisco IP Phones 00:15:62*)
  − Import CSV file with list of MAC address and other device attributes
  − Access Portal auto-populate
[Diagram labels: IP Phone, Visitor or Business Partner, Personal Machine, Corporate Desktop, Network Printer, Network Device, Wireless Access Point, Surveillance Camera, Fax Machine, Medical Device, Local Server/App, Guests & Guest Devices, Enterprise Network]
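The two rule cases on slide 13 and the MAC lookup on slide 14, worked through as an added example (not Avaya code and not part of the deck). The role names, device classes, the VOICE_ONLY level, the third rule and every MAC other than the two wildcard prefixes are assumptions made for illustration.

```python
import csv
import io

# Constructed CSV device import. The two wildcard prefixes are the ones quoted on
# the slide; the other MACs and every device_class label are made up for this example.
DEVICE_CSV = """mac,device_class
00:04:0d*,ip_phone
00:15:62*,ip_phone
00:11:22:33:44:55,corp_laptop
a4:d1:d2:00:00:01,personal_ipad
"""

# Ordered rules: (role, device_class, medium, access level). None matches anything.
# The first two rows are Case 1 and Case 2 from the slide; the third is hypothetical.
# A MAC is only what the client presents, so the MAC-only rule grants a narrow level.
RULES = [
    ("hr_employee", "corp_laptop", "wired", "FULL"),
    ("hr_employee", "personal_ipad", "wireless", "LIMITED"),
    (None, "ip_phone", "wired", "VOICE_ONLY"),
]


def normalize_mac(mac):
    """Return aa:bb:cc:dd:ee:ff for any common notation (dashes, dots, upper case)."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_device_store(csv_text):
    """Parse the CSV into (pattern, device_class) pairs, exact entries first."""
    rows = [(r["mac"].strip().lower(), r["device_class"].strip())
            for r in csv.DictReader(io.StringIO(csv_text))]
    return sorted(rows, key=lambda row: row[0].endswith("*"))


def classify_device(store, mac):
    """Look the MAC up in the store; a trailing * is a prefix wildcard."""
    mac = normalize_mac(mac)
    for pattern, device_class in store:
        if pattern.endswith("*"):
            if mac.startswith(pattern[:-1]):
                return device_class
        elif mac == pattern:
            return device_class
    return "unknown"


def decide(store, role, mac, medium):
    """Evaluate the rules top to bottom; anything that matches no rule is denied."""
    device_class = classify_device(store, mac)
    for rule_role, rule_device, rule_medium, access in RULES:
        if (rule_role in (None, role)
                and rule_device in (None, device_class)
                and rule_medium in (None, medium)):
            return access
    return "DENY"


if __name__ == "__main__":
    store = load_device_store(DEVICE_CSV)
    for role, mac, medium in [
        ("hr_employee", "00-11-22-33-44-55", "wired"),
        ("hr_employee", "A4:D1:D2:00:00:01", "wireless"),
        (None, "0004.0daa.bbcc", "wired"),
        ("hr_employee", "00-11-22-33-44-55", "wireless"),
        ("guest", "de:ad:be:ef:00:01", "wireless"),
    ]:
        print(role, mac, medium, "->", decide(store, role, mac, medium))
```

The same employee on the same corporate laptop is denied over wireless because no rule covers that combination; the default is deny, not the nearest match.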

Slide 15: Identity Engines Authenticated Network Architecture
[Diagram labels: NETWORK ABSTRACTION LAYER, DIRECTORY ABSTRACTION LAYER, Reporting & Analytics, Posture Assessment, Guest Access Mgmt, Identity Engines Access Portal, CASE Wizard, Policy Enforcement Point, Policy Decision Point, Policy Information Point]

Slide 16: Identity Engines Authenticated Network Architecture
Identity Information Sources:
- Active Directory
- Novell eDirectory
- Sun Directory
- Oracle Internet Directory
- Generic LDAP
- Kerberos
- RSA SecurID
- Token Based Services
- RADIUS Proxy
[Diagram labels: Corporate Resources, Wireless, VPN, Firewall, Wired, Ignition Server, Ignition Analytics, Ignition Guest Manager, Ignition Access Portal, Ignition Dashboard]

Slide 17: Identity Engines Ignition Server
• Centralized, standards-based policy engine
• Vendor Agnostic
• Highly-available AAA appliance for identity-based network access control
• RADIUS integration with all enterprise network equipment
• Quick and deep integration with major directories
• Detailed logging and troubleshooting capabilities
• Hitless upgrades where appropriate
• VMware virtual appliance with support for VMware ESX(i)

Slide 18: Ignition Dashboard Access Policy
• Access Policy = Authentication Policy + Identity Routing + Authorization Policy & Posture Policy

Slide 19: Ignition Dashboard Detailed Logs

Slide 20: Identity Engines Guest Manager
• Guest Manager is a Web-based application that manages temporary network accounts for visitors.
• Provisioning/de-provisioning in 10 sec
• Front-desk or Guest Self-service
• Activation options
  − Immediate activation
  − Future activation
  − Account duration time
  − Activate on first login
• Choose any access method to implement: Wireless, Wired, and VPN
• Track Users: Guests, Consultants, Contractors
• Complete detailed logs

Slide 21: Identity Engines Guest Manager Administration
• Multiple Guest Managers may be deployed:
  − Against a single instance of the Ignition Server
  − Under a single Guest Manager license
• Authorization policies for guests are in the Ignition Server
• Guest Manager Administrator
  − Creates provisioners
  − Creates provisioning templates
  − Assigns provisioning templates to provisioners
• Guest Manager Provisioners
  − May be internal or external (i.e. on LDAP / AD etc.)
  − Single or bulk provisioning
  − Provisioners are frequently called sponsors because they sponsor guests.

Slide 22: Identity Engines Guest Manager Administration
• Administration
  − Notification options
  − Password complexity
  − Password generation
  − Username generation
  − Users bulk load
  − Expiration
  − Activation

Slide 23: Identity Engines Ignition Access Portal
• Access Portal can be deployed for the following use cases:
  − Access without 802.1x enablement
  − Contractor & Employee Access with different modes of 802.1x enablement
    − CASE Wizard hosting for Auto-configuration of 802.1x
    − iOS Profile file hosting (from Apple iPhone/iPad Configuration Utility)
• BYOD On-boarding of managed and un-managed consumer devices attributes
  − Device profiling
  − Auto-registration
  − Auto-updates
Summary box:
• Serves as a Captive Portal for non-802.1x clients
• Unifies Wired and Wireless access
• Performs device fingerprinting
• BYOD On-boarding
• Hosting place for the CASE Wizard

Slide 24: Identity Engines Ignition Access Portal
• Device Fingerprinting
  − Access the Captive Portal on the IN interface for wired and wireless users
  − User opens browser and enters corporate or guest account credentials
  − User authenticated against Ignition Server
  − If successful authentication, user session is inline through the OUT interface
  − Upon successful authentication, Access Portal, if enabled, also performs profiling of user devices and sends device FINGERPRINT to the Ignition Server
    − Device Type, Device Sub-Type, Device OS, Device OS Version
    − New Avaya RADIUS VSAs are used for sending the device fingerprint
    − If trusted, Ignition Server automatically creates a device fingerprint record

Attribute | Description | Examples
ID | MAC Address | 00:11:22:33:44:55
OS | Operating System Type | Mac OS X
OS Version | Operating System Version | 10_6_8
Device Type | Type of client device | Mobile
Sub-type | Sub-type of the client device | iPad

Slide 25: Identity Engines Ignition Access Portal
• Device Fingerprinting
  − Access the Captive Portal on the IN interface for wired and wireless users
  − User opens browser and enters corporate or guest account credentials
  − User authenticated against Ignition Server
  − If successful authentication, user session is inline through the OUT interface
  − Upon successful authentication, Access Portal, if enabled, also performs profiling of user devices and sends device FINGERPRINT to the Ignition Server
    − Device Type, Device Sub-Type, Device OS, Device OS Version
    − New Avaya RADIUS VSAs are used for sending the device fingerprint
    − If trusted, Ignition Server automatically creates a device fingerprint record
[Diagram labels: User Devices, Wired, Wireless, IN, OUT, ADMIN, Access Portal, HTTP Capturing, DEVICE PROFILING, RADIUS, Ignition Server]

Attribute | Description | Examples
ID | MAC Address | 00:11:22:33:44:55
OS | Operating System Type | Mac OS X
OS Version | Operating System Version | 10_6_8
Device Type | Type of client device | Mobile
Sub-type | Sub-type of the client device | iPad

Slide 26: Identity Engines Ignition Access Portal
• Multiple Access Portals may be deployed:
  − Against a single instance of the Ignition Server w/single Access Portal license
• Device Profiling
  − Administrator will be able to set the Access Portal to perform device profiling of wired and wireless devices
  − Device fingerprinting:
    − Device Type, Device Sub-Type, Device OS, Device OS Version
    − Device attributes are sent to the Ignition Server for registration and association with user
• BYOD On-boarding
  − Auto-register of Guest Visitor and Employee Guest devices
  − Device profiling of registering devices
  − Auto-association of devices with guest / employee records in Ignition Server
  − Populating device records in Ignition Server with device profile attributes
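The fingerprint record from the attribute table on slides 24 and 25, built from a captured HTTP request, as an added example (not Avaya code and not part of the deck). It assumes the portal profiles the browser's User-Agent header, which the slides do not state; the regular expressions, the sample User-Agent strings and every label other than "Mobile", "iPad" and "Mac OS X" are constructed for illustration.

```python
import re

# Order matters: an iPad User-Agent also contains the words "like Mac OS X".
# Each entry maps a match to (os, os_version, device_type, sub_type).
PATTERNS = [
    (re.compile(r"\((iPad|iPhone|iPod)[^)]*? OS (\d+(?:_\d+)*)"),
     lambda m: ("iOS", m.group(2), "Mobile", m.group(1))),
    (re.compile(r"BlackBerry (\d+).*?Version/([\d.]+)"),
     lambda m: ("BlackBerry OS", m.group(2), "Mobile", "BlackBerry")),
    (re.compile(r"Mac OS X (\d+(?:[_.]\d+)*)"),
     lambda m: ("Mac OS X", m.group(1), "Desktop", "Mac")),
    (re.compile(r"Windows NT (\d+\.\d+)"),
     lambda m: ("Windows", m.group(1), "Desktop", "PC")),
]

# Constructed sample headers in the style browsers of the period sent.
IPAD_UA = ("Mozilla/5.0 (iPad; CPU OS 6_1 like Mac OS X) AppleWebKit/536.26 "
           "(KHTML, like Gecko) Version/6.0 Mobile/10B141 Safari/8536.25")
MAC_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 "
          "(KHTML, like Gecko) Version/5.1.9 Safari/534.59.10")
BLACKBERRY_UA = ("Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ "
                 "(KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+")


def fingerprint(mac, user_agent):
    """Build the five-attribute record from the slide's table.

    The User-Agent is supplied by the client, so the record describes what the
    device claims to be; unrecognised headers are recorded as Unknown.
    """
    fields = ("Unknown", "Unknown", "Unknown", "Unknown")
    for pattern, extract in PATTERNS:
        match = pattern.search(user_agent or "")
        if match:
            fields = extract(match)
            break
    os_name, os_version, device_type, sub_type = fields
    return {"id": mac.lower(), "os": os_name, "os_version": os_version,
            "device_type": device_type, "sub_type": sub_type}


def register_device(records, user, record, trusted):
    """Create the device record and associate it with the user, only if trusted."""
    if not trusted:
        return False
    records[record["id"]] = dict(record, user=user)
    return True


if __name__ == "__main__":
    records = {}
    for mac, ua in [("00:11:22:33:44:55", IPAD_UA),
                    ("00:11:22:33:44:66", MAC_UA),
                    ("00:11:22:33:44:77", BLACKBERRY_UA),
                    ("00:11:22:33:44:88", "curl/7.0")]:
        record = fingerprint(mac, ua)
        register_device(records, "employee1", record, trusted=True)
        print(record)
```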

Slide 27: Identity Engines Ignition Access Portal
Employee with personal iPad will gain access with Authorization Policy on the Ignition Server
Employee with personal Blackberry will NOT gain access with

Slide 28: Identity Engines Ignition Access Portal
• Pages Customization
  − Login page
  − Success page
  − Failure page

Slide 29: Identity Engines Ignition CASE Wizard
• CASE Wizard
  − CASE = Client Access to the Secure Enterprise
  − A transient application to automate configuration of managed and un-managed Windows devices:
    − Auto-config of 802.1x
    − Auto-config of MS-NAP
  − Dissolvable application
  − Revertible or permanent configuration
  − Wired and / or Wireless
• Network Profiles & Packages
  − Set of network and security settings that define how a user connects to a particular defined network
  − This profile is saved as an XML file and bundled into a CASE package, which in turn applies the settings to the user’s computer system

Slide 30: Identity Engines Ignition CASE Wizard

Slide 31: Identity Engines Ignition CASE Wizard
• Ignition CASE Wizard
  − CASE Wizard package hosted on a customer internal web site or on the Access Portal
  − Different packages may be created for different network connectivity needs
  − Exit Behavior
    − CASE Wizard may be customized to either exit or reside in the System Tray.
  − Revert Settings
    − CASE Wizard may be customized to let the user revert the settings
    − Reverting is achieved by clicking the “Revert Settings” in the System Tray.

Slide 32: Identity Engines iOS Devices
• Apple configuration utility for iOS devices
• Config profile contains settings:
  − Passcode policies
  − Restrictions on device features
  − Wi-Fi settings
  − VPN settings
  − Exchange ActiveSync
  − Credentials and keys
  − More…
• Ways to deploy config profiles
  − Physically connecting to the device
  − In an email message
  − On a webpage, hosted by the Ignition Access Portal
  − Using over-the-air

Slide 33: Identity Engines BYOD Examples
Access Portal for IT registration of managed devices
  − IT login w/Admin credentials
  − Device attributes captured
  − Associate device with Device Group in the Dashboard
  − Handover device to employee
  − Policy in Ignition Server handles access
Access Portal for Employee registration of un-managed devices
  − Employee login w/AD
  − Device attributes captured
  − Config option with CASE for Windows or iOS
  − Employee access via 802.1x or Access Portal
[Diagram labels: Corporate Resources, Wireless, VPN, Firewall, Wired, Ignition Server, Ignition Guest Manager, Ignition Access Portal]

Slide 34: Real Life Avaya Use-case: Self-Service Guest Wi-Fi Access
Identity Engines R8.0
Avaya Wi-Fi Guest Access Management
Live in Santa Clara & Basking Ridge campuses
Avaya WLAN Infrastructure
Option 1: Guest Self-service
Option 2: Employee sponsor

Slide 35: Identity Engines Resources
• Product Management: Shmulik Nehama (Office, Mobile)
• YouTube Video
• 30-Days Free Trial
  − Long term lab licenses available from product management

Slide 36: Live Demo

Slide 37: Identity Engines Santa Clara Lab Topology (Rack F-14)
[Network diagram; labels: Internet, SECURE ROUTER (WAN, LAN, DHCP Server, DHCP RANGE), AVAYA-NET, DELL SERVER (NIC 1, NIC 2), VMware ESX, AD SERVER (Windows 2008), SECURE ZONE (Windows 2003), Guest Manager, CASE Administration (Windows), Access Portal (Free BSD; IN, OUT, ADMIN), Ignition Server (Red Hat Enterprise Linux), NAC SWITCH (ERS 2550PWR), NAC Clients (Windows XP, DHCP), VLAN 1, VLAN X, VLAN 14, VLAN 24, RADIUS VLAN]

Slide 38: Identity Engines Santa Clara Lab Topology
[Network diagram; labels as on slide 37, plus: Remote Desktop (AVAYA-NET.219), Web Browser (Guest Manager, Access Portal, NAC Switch), VMware vSphere Client, NAC Clients, Ignition Server Dashboard]

Slide 39: Thank you!

Slide 40: Backup Slides

Slide 41: Identity Engines Microsoft NAP

Slide 42: Identity Engines Ignition Posture
A Clientless solution
• Identity Engines Ignition Server can require that the health and security of a managed end-user’s computer be checked before it is allowed to connect to the network. This is called ‘posture’.
• Posture policies can also auto-remediate common problems.
• Uses Microsoft’s embedded System Health Agent and Enforcement Client so nothing new to add.

Slide 43: Identity Engines Ignition Posture
• Utilize existing applications on the desktop to conduct posture (compliance) check.
• Windows XP SP3 and higher all support MS-NAP within the base operating system.
• Single license on Ignition Server to enable MS-NAP integration
• No additional licensing needed for the end point.

Slide 44: Identity Engines Ignition Posture
• Clear notification to end-user on access status.
• Auto-remediation capabilities.
• ‘More Information’ to provide end-user with explicit details on what to do next (step-by-step instructions, host s/w etc…)
• Full details in Audit Logs.
[Screenshot labels: User Notification, Posture Policy Rule]

Slide 45: Identity Engines Ignition Analytics
• Identify device usage
  − Who are your top users?
• Create audit trails
  − Look for trends of usage, users, and devices.
• Increase visibility into activity level over time
  − Identifying peak usage, lowest usage.
• Deliver flexible reporting formats for Reports
  − PDF, HTML, RTF and XLS file formats.
• 25 canned reports out-of-the-box

Last Slide.